theevilbit/Shield

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/theevilbit/Shield)

theevilbit / Shield

An app to protect against process injection and suspicious file links on macOS

☆230

Alternatives and similar repositories for Shield

Users that are interested in Shield are comparing it to the libraries listed below

Sorting:

themittenmac / TrueTree
View on GitHub
A command line tool for pstree-like output on macOS with additional pid capturing capabilities
☆276Aug 23, 2024Updated last year
objective-see / ProcessMonitor
View on GitHub
Process Monitor Library (based on Apple's new Endpoint Security Framework)
☆492Oct 20, 2023Updated 2 years ago
slyd0g / SwiftParseTCC
View on GitHub
Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format
☆40Jul 27, 2021Updated 4 years ago
SuprHackerSteve / Crescendo
View on GitHub
Crescendo is a swift based, real time event viewer for macOS. It utilizes Apple's Endpoint Security Framework.
☆1,071Jul 22, 2021Updated 4 years ago
objective-see / FileMonitor
View on GitHub
File Monitor Library (based on Apple's new Endpoint Security Framework)
☆372Oct 9, 2022Updated 3 years ago
trailofbits / sinter
View on GitHub
A user-mode application authorization system for MacOS written in Swift
☆301Sep 18, 2020Updated 5 years ago
Alkenso / sEndpointSecurity
View on GitHub
☆11Jun 5, 2024Updated last year
PhorionTech / Kronos
View on GitHub
Phorion Kronos is a macOS security tool designed to enhance Apple's Transparency Consent and Control (TCC) security and privacy mechanism…
☆80Nov 21, 2023Updated 2 years ago
richiercyrus / Venator
View on GitHub
[⛔️ Deprecated] Venator is a python tool used to gather data for proactive detection of malicious activity on macOS devices.
☆177Jul 1, 2020Updated 5 years ago
objective-see / DNSMonitor
View on GitHub
A DNS Monitor, leveraging Apple's NEDNSProxyProvider/Network Extension Framework
☆210Aug 20, 2024Updated last year
cedowens / SwiftBelt
View on GitHub
A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool. Author: Cedric Owens
☆340Apr 28, 2022Updated 3 years ago
0xmachos / macos-scripts
View on GitHub
Various scripts for macOS tasks
☆141Nov 24, 2025Updated 3 months ago
its-a-feature / loginItemManipulator
View on GitHub
☆15May 26, 2021Updated 4 years ago
hot3eed / xpcspy
View on GitHub
Bidirectional XPC message interception and more. Powered by Frida
☆428Nov 9, 2022Updated 3 years ago
objective-see / BlockBlock
View on GitHub
BlockBlock provides continual protection by monitoring persistence locations.
☆749Updated this week
mnrkbys / bgiparser
View on GitHub
A parsing tool for backgrounditems.btm
☆52Aug 23, 2024Updated last year
securing / SimpleXPCApp
View on GitHub
Secure example of an XPC helper written in Swift
☆108Mar 16, 2020Updated 5 years ago
saagarjha / macOSSandboxInitializationBypass
View on GitHub
App sandbox escapes for macOS
☆31May 20, 2020Updated 5 years ago
gyunaev / macprocmon
View on GitHub
MacOS X process monitor using EndpointSecurity extension.
☆37Sep 29, 2025Updated 5 months ago
Brandon7CC / mac-monitor
View on GitHub
"The missing ProcMon for macOS": Mac Monitor records Endpoint Security events and displays them for analysis.
☆1,265Updated this week
saagarjha / expresscall
View on GitHub
Proof-of-concept LLVM fork to speculatively inline objc_msgSend
☆16Dec 11, 2022Updated 3 years ago
jslegendre / MachXPC
View on GitHub
Bidirectional XPC between two (or more) processes without a MachService daemon
☆57Mar 16, 2022Updated 3 years ago
droe / xnumon
View on GitHub
monitor macOS for malicious activity
☆237Feb 5, 2025Updated last year
D00MFist / Mystikal
View on GitHub
macOS Initial Access Payload Generator
☆323Jan 10, 2024Updated 2 years ago
willyu-elastic / SimpleEndpoint
View on GitHub
Sample code for macOS Extensions Part 3
☆24Feb 20, 2020Updated 6 years ago
D00MFist / PersistentJXA
View on GitHub
Collection of macOS persistence methods and miscellaneous tools in JXA
☆288Aug 3, 2023Updated 2 years ago
ydkhatri / Presentations
View on GitHub
Slides and material from my conference presentations
☆16Mar 30, 2024Updated last year
j-0-t / murmamau
View on GitHub
Fetching data from system
☆12Jun 18, 2017Updated 8 years ago
seemoo-lab / apple-continuity-tools
View on GitHub
Reverse engineering toolkit for Apple's wireless ecosystem
☆85Apr 12, 2021Updated 4 years ago
ant4g0nist / Vulnerable-Kext
View on GitHub
A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation
☆236Dec 29, 2020Updated 5 years ago
mattshockl / CVE-2020-9934
View on GitHub
CVE-2020–9934 POC
☆23Jul 28, 2020Updated 5 years ago
richiercyrus / Venator-Swift
View on GitHub
Swift Command line tool used for proactive detection of malicious activity on macOS systems.
☆67Jul 1, 2020Updated 5 years ago
vastlimits / esmat
View on GitHub
macOS Endpoint Security Message Analysis Tool
☆47Jan 31, 2022Updated 4 years ago
objective-see / WhatsYourSign
View on GitHub
WhatsYourSign adds a menu item to Finder.app. Simply right-, or control-click on any file to display its cryptographic signing informatio…
☆343Jan 17, 2026Updated last month
ydkhatri / macOS_FE
View on GitHub
Tools for macOS Forensic Bootable media
☆15May 20, 2020Updated 5 years ago
ydkhatri / mac_apt
View on GitHub
macOS (& ios) Artifact Parsing Tool
☆995Feb 11, 2026Updated 2 weeks ago
FSecureLABS / CalendarPersist
View on GitHub
JXA script to allow programmatic persistence via macOS Calendar.app alerts.
☆44Oct 31, 2020Updated 5 years ago
axelexic / CSOps
View on GitHub
Utility to manipulate codesigned application in Mac OS X. Demonstrate the use of csops system call.
☆83Mar 21, 2024Updated last year
objective-see / ProcInfo
View on GitHub
process info/monitoring library for macOS
☆425Feb 1, 2021Updated 5 years ago